Is Folsom Dam at risk of 'insider threats'?

Inspector general says 2 US dams at risk of threats due to poor computer security

Updated: 10:55 AM PDT Jun 12, 2018


THE LATEST STORM SYSTEM. >> LIKE A DAY AND A HALF AGO. >> JERRY COMES TO THE AMERICAN RIVER DAILY. >> THE WATER SO HIGH NOTE FISHING IS OUT OF THE QUESTION. >> WAY TOO HIGH, WAY TOO FAST. >> YOU CAN EVEN SEE THEM. >> IT IS THE RESULT OF RELEASE WHICH IS 102 PERCENT OF OUR AVERAGE. >> THIS IS A REPEAT WARM ONE. WE ARE WATCHING THAT. WE HAVE ALL FIVE GATES OPEN IN FOLSOM RIGHT NOW TO MAKE ROOM. WE HAVE ABOUT 25,000 CFS COMING OUT OF THE DAM. >> HERE AT WATT AVENUE YOU CAN SEE JUST HOW HIGH THE RIVER IS ROOTED >> RIVER LEVELS WILL RISE. IT IS NOTHING WE ARE CONCERNED ABOUT. >> THEY KEEP AN EYE ON BLAKE OROVILLE. THEY CAPTURED THESE IMAGES AFTER DWR THAT THEY MAY HAVE TO USE THE PARTIALLY RECONSTRUCTED SPILLWAY. THIS AFTERNOON THEY SAID THE WAKE REMAINS MORE THAN 35% BELOW ITS TRIGGER LEVEL.

SACRAMENTO, Calif. (AP) —

Two dams critical to U.S. national security are at high risk for "insider threats" that could impair operations because of poor computer security practices such as too many employees having access to administrator accounts and failures to routinely change passwords, according to a new inspector general report.

An evaluation released Monday by the U.S. Department of the Interior doesn't name the two dams, and spokeswoman Nancy DiPaolo cited national security concerns. But they are among five dams operated by the U.S. Bureau of Reclamation that are considered "critical infrastructure," meaning their destruction or impairment could hurt national security.

Those five dams are Shasta and Folsom dams in Northern California, Glen Canyon Dam in Arizona, Grand Coulee Dam in Washington and Hoover Dam, which straddles Nevada and Arizona.

The United States and other countries have accused Russian hackers of trying to infiltrate critical infrastructure such as power plants, elevating the sensitivity around making sure U.S. systems are secure.

The inspector general's report found the two dams are at low risk of outside cyber infiltration but at high risk of threats from within. They're run remotely through a computer system that controls generators, valves and gates at the dams from a U.S. Bureau of Reclamation operations center. The agency disputed some of the findings.

Among the factors cited as security risks: Too many people have access to administrative accounts, employees aren't changing their passwords often enough, account access isn't always revoked when employees leave, and the agency isn't conducting robust enough background checks for employees with high-level privileges. For example, the evaluation found nine of 30 administrator accounts hadn't been used in more than a year.

The report characterized the issues as "significant control weaknesses that could be exploited by insiders."

Administrative access would give an employee the ability to compromise the system by installing malware to disrupt dam operations, installing back-door access for others, deleting or modifying crucial programs, revoking access for others and deleting or modifying control logs to "conceal malicious activity," according to the report.

The inspector general offered five recommendations, including eliminating the use of group accounts that allow multiple workers access and conducting more rigorous background checks on certain employees.

The U.S. Bureau of Reclamation disputed several of the findings. It said the number of people with privileged administrative access is necessary to provide 24/7 support to the dams and that system administrators are required to log their use of group accounts. The bureau said it follows federal guidelines for conducting background checks.

The inspector general conducted interviews with operations center and dam staff in April 2017.